The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
This module exploits a vulnerability in the Microsoft Kerberos implementation. The problem exists in the verification of the Privilege Attribute Certificate (PAC) from a Kerberos TGS request, where a domain user may forge a PAC with arbitrary privileges, including Domain Administrator. This module requests a TGT ticket with a forged PAC and exports it to an MIT Kerberos Credential Cache file. It can be loaded on Windows systems with the help of Mimikatz. It has been tested successfully on Windows 2008.
msf > use auxiliary/admin/kerberos/ms14_068_kerberos_checksum
msf auxiliary(ms14_068_kerberos_checksum) > show actions
...actions...
msf auxiliary(ms14_068_kerberos_checksum) > set ACTION <action-name>
msf auxiliary(ms14_068_kerberos_checksum) > show options
...show and set options...
msf auxiliary(ms14_068_kerberos_checksum) > run
as-rep-roast
Author: Jason Martinsen
Python code to execute an AS-REP Roasting attack. USE ONLY AGAINST AUTHORIZED TARGETS.
Usage:
USAGE: as-rep-roast.py -u <userName>@<domainName> -d <domainControlerAddr>
Hashcat-compatible output will be piped to the screen and to the hashcatout file.
This code is based on the code from the below project.
Python Kerberos Exploitation Kit
PyKEK (Python Kerberos Exploitation Kit), a Python library to manipulate KRB5-related data (still in development).
For now, only a few functionalities have been implemented (in a quite quick'n'dirty way) to exploit MS14-068 (CVE-2014-6324). More is coming.
Author: Sylvain Monné
Contact: sylvain dot monne at solucom dot fr
ht
License
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 3, August 2017
Everyone is permitted to copy and distribute verbatim or modified copies of this license document, and changing it is allowed as long as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
You just DO WHAT THE FUCK YOU WANT TO.